AngeL: a tool to disarm computer systems

In this paper we present a tool designed to intercept attacks at the host from which they are launched, so as to block them before they reach their targets. The tool works both for attacks aimed at the local host and for attacks aimed at hosts connected to the network. In the current implementation it can detect and block more than 70 attacks reported in the literature. The tool is based on the idea of improving the overall security of the Internet by connecting disarmed systems, i.e., hosts that cannot launch attacks against other hosts. Such a strategy was presented in [4]. Here we present an extended version of the tool, engineered to cover a wide variety of attacks and to run on various releases of the Linux kernel, and we describe the experience gained in building it. A protection mechanism for the tool itself, which prevents its removal, is also implemented. Experimental results on the impact of the tool on system performance show that the overhead it introduces is negligible from the user's perspective, so it is not expected to be a hindrance to the successful deployment of the tool.

[1] R. Sekar et al. Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications, 1999, USENIX Security Symposium.

[2] Robert K. Cunningham et al. Accurately Detecting Source Code of Attacks That Increase Privilege, 2001, Recent Advances in Intrusion Detection.

[3] Giovanni Vigna et al. The STAT Tool Suite, 2000, Proceedings DARPA Information Survivability Conference and Exposition (DISCEX'00).

[4] David A. Bandel. Linux Security Toolkit, 2000.

[5] James P. Anderson et al. Computer Security Technology Planning Study, 1972.

[6] Lorenzo Cavallaro et al. Less Harm, Less Worry or How to Improve Network Security by Bounding System Offensiveness, 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[7] Úlfar Erlingsson et al. IRM Enforcement of Java Stack Inspection, 2000, Proceedings 2000 IEEE Symposium on Security and Privacy (S&P 2000).

[8] Danilo Bruschi et al. Disarming Offense to Facilitate Defense, 2001, NSPW '00.

[9] Timothy Fraser et al. Hardening COTS Software with Generic Software Wrappers, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No. 99CB36344).